[ECM] Add ECM allowlist to SystemConfig
This introduces a new configurable XML file
(/etc/sysconfig/enhanced-confirmation.xml) for ECM (Enhanced
Confirmation Mode). This file enables OEMs to declare a list of
"trusted packages" and/or "trusted installer" packages. A "trusted
package" will be exempt from ECM restrictions. A "trusted installer",
and all packages that it installs, will be exempt from ECM restrictions.
The file may contain zero or more XML elements of the form:
<enhanced-confirmation-trusted-package
package="com.example.app"
sha256-cert-digest="E9:7A:BC:2C:D1:..."/>
...and/or...
<enhanced-confirmation-trusted-installer
package="com.example.app"
sha256-cert-digest="E9:7A:BC:2C:D1:..."/>
(Where the 'package' attribute is a package name, and
'sha256-cert-digest' is a hex-encoded SHA-256 digest of a signing
certificate. Both fields are required for each XML element.)
This file is parsed by the SystemConfig class, where the collection of
all XML elements are deserialized into (SignedPackage) objects which
are cached within SystemConfig.
These objects are accessible by calling either the following SystemAPI
methods:
SystemConfigManager::getEnhancedConfirmationTrustedPackages
SystemConfigManager::getEnhancedConfirmationTrustedInstallers
...which in turn call the (respective) binder methods:
SystemConfigService::getEnhancedConfirmationTrustedPackages
SystemConfigService::getEnhancedConfirmationTrustedInstallers
...which read the data directly from SystemConfig.
The only intended caller of this API is ECM
(EnhancedConfirmationManager/EnhancedConfirmationService), which runs in
SystemServer.
The reason this needs to be SystemApi(MODULE_LIBRARIES) is that the ECM
source code lives within the packages/modules/Permission mainline
module.
Bug: 310654834
Test: atest FrameworksServicesTests:com.android.server.systemconfig.SystemConfigTest
Change-Id: I50e524e5782cea4e66232acef493edbe62aa1f61
diff --git a/data/etc/enhanced-confirmation.xml b/data/etc/enhanced-confirmation.xml
new file mode 100644
index 0000000..4a9dd2f
--- /dev/null
+++ b/data/etc/enhanced-confirmation.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ~ Copyright (C) 2024 The Android Open Source Project
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<!--
+This XML defines an allowlist of packages that should be exempt from ECM (Enhanced Confirmation
+Mode).
+
+Example usage:
+
+ <enhanced-confirmation-trusted-installer
+ package="com.example.app"
+ signature="E9:7A:BC:2C:D1:CA:8D:58:6A:57:0B:8C:F8:60:AA:D2:8D:13:30:2A:FB:C9:00:2C:5D:53:B2:6C:09:A4:85:A0"/>
+
+This indicates that "com.example.app" should be exempt from ECM, and that, if "com.example.app" is
+an installer, all packages installed via "com.example.app" will also be exempt from ECM.
+-->
+
+<config></config>
